Codebase list rpki-client / upstream/7.3 INSTALL
upstream/7.3

Tree @upstream/7.3 (Download .tar.gz)

INSTALL @upstream/7.3raw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
1. Prerequisites
----------------

You will need libcrypto from LibreSSL or OpenSSL version 1.0.2e or newer.

2. Building / Installation
--------------------------

If you have checked this source using Git, follow these initial steps to
prepare the source tree for building:

 1. ensure you have the following packages installed:
      automake, autoconf, git, libtool
 2. The following dependencies are required to build rpki-client:
      OpenSSL or LibreSSL, LibreSSL libtls or libretls, Expat
 3. run './autogen.sh' to prepare the source tree for building.
    './autogen.sh', will checkout a version of rpki-client-openbsd into the
    directory "openbsd". This is a stripped down version of the OpenBSD
    source tree with files needed to build rpki-client.

To install rpki-cient with default options:

./configure
make
make install

This will install the rpki-client binary in /usr/local/sbin, configuration
files in /usr/local/etc. To specify a different installation prefix,
use the --prefix option to configure:

./configure --prefix=/opt
make
make install

Will install rpki-cient in /opt/{etc,sbin}. You can also override
specific paths, for example:

./configure --prefix=/opt --with-tal-dir=/etc/rpki
make
make install

This will install the binaries in /opt/sbin, but will place the
trust anchor files in /etc/rpki

When run as root rpki-client will drop privileges to a special rpki user
and do all processing with this user.

This requires that a user and group be created for it.
The user should not be permitted to log in, and its home directory
does not need to exist or be writeable.

You need to perform all of these tasks yourself like the following
(although the exact commands required for creating the user and group are
system dependant):

On most Linux and BSD systems, something like should work:

 groupadd _rpki-client
 useradd -g _rpki-client -s /sbin/nologin -d /nonexistent -c 'rpki-client user' _rpki-client
 
There are a few options to the configure script in addition to the ones
provided by autoconf itself:

--with-user=user
 Specify user used when run as root.  The default is "_rpki-client".

--with-rsync=command
 Specify which rsync command to use. The default is either openrsync or rsync.
 
--with-tal-dir=path
 Specify the path to the default TAL directory. The default is "${sysconfdir}/rpki".

--with-base-dir=path
 Location to store the RPKI cache repository. The default is "${localstatedir}/cache/rpki-client}".

--with-output-dir=path
 Specify the path to the default output directory. The default is "${localstatedir}/db/rpki-client}".


If you need to pass special options to the compiler or linker, you
can specify these as environment variables before running ./configure.
For example:

CFLAGS="-O2 " LDFLAGS="-s" ./configure

Building on macOS
-----------------

Building on macOS requires LibreSSL, which is available in brew.
It is recommended to export the CFLAGS and LDFLAGS accordingly.

brew install libressl
./autogen.sh
export PKG_CONFIG_PATH="/usr/local/opt/libressl/lib/pkgconfig"
./configure --with-openssl=openssl
make
make install

3. Trust anchors
----------------

The trust anchor files are installed in ${prefix}/etc/rpki or
whatever you specified as your --with-tal-dir or --sysconfdir
(/usr/local/etc/rpki by default).

4. Problems?
------------

If you experience problems compiling, installing or running rpki-client,
please report the problem to the address in the README file.